Windows SMB Remote Code Execution Vulnerability

Resolved At
May 22, 2017 14:43

In view of recent events that have highlighted the persistent risk of the threat posed by cyber-attacks
(http://www.bbc.co.uk/news/health-39899646) we strongly advise our customers to apply the following security update, released by Microsoft on March 14th this year: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396 , if not having done so already.

Microsoft have announced a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) server. This service (SMB) is utilised to present shares, printers and more on a Microsoft Domain network.

This vulnerability exposes core Active directory components to Remote Code Execution from unauthenticated attackers. They would be able to execute any code they wished to potentially gain access to the entire network. The patches Microsoft have provided should be tested and installed as a matter of urgency.

Specific Security reports of the Common Vulnerabilities and Exposures (CVEs) are below -

The released patches target the SMBv1 service and the way it handles the particular requests that can be used to exploit it.

Customers whose environment is being managed by Melbourne will already have the patch installed any that are outstanding pending reboots or manual installations will be contacted by support staff to ensure their services are patched.

If you have any questions or concerns please contact the support team.